[Dovecot] Sieve file permission problem

Thu Jun 20 16:33:26 EEST 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 20 Jun 2013, Zoltan Lippai wrote:

> Thanks for the answer, I'm not sure what you mean by the additional permission details.
> Here is a quick example:
> /var/mail/domainname.hu/zolcsi chmod: 700, owner: vmail:mail
> After I set the initial sieve filters, the following file and directory gets created:
> /var/mail/domainname.hu/zolcsi/sieve (directory) chmod: 700, owner: vmail:mail
> /var/mail/domainname.hu/zolcsi/.dovecot.sieve (symlink to the sieve/sieve.sieve file) chmod: 600, owner: vmail:mail
>
> After these two are created then the webmail can't modify them unless I delete the files manually.
>
> Or is it possible to connect via telnet to port 2000 and issue some commands to see the actual answers of the ManageSieve server?

Er, below you've wrote that "It uses port 2000 to communicate with dovecot 
via the ManageSieve plugin." Now you write "webmail can't modify them" ... 
. So it seems that the webmail is not using port 2000??

If the UI is using the ManageSieve port, all should work fine, once the 
files are delete and only Pigeonhole (Dovecot Sieve & ManageSieve) 
accesses the files directly.

To test via telnet:

perl -e 'use MIME::Base64; print encode_base64(join("\0", @ARGV)), "\n" ' 
account account 'pwd'

$ gnutls-cli -p 2000 --starttls localhost
STARTTLS
^D
Authenticate "PLAIN" "<<output from perl>>"
CAPABILITY
HAVESPACE "myscript" 999999
Putscript "foo" {31+}
#comment
InvalidSieveCommand

Putscript "mysievescript" {110+}
require ["fileinto", "envelope"];
if envelope :contains "to" "tmartin+sent" {
   fileinto "INBOX.sent";
}

Getscript "mysievescript"
Deletescript "mysievescript"
setactive "mysievescript"

gnutls allows you to use STARTTLS; the number in PutScript's {#+} 
specifies the number of bytes following the putscript line, that makes up 
the script, which must be encoded as UTF8.

If you know Perl, check out 
http://search.cpan.org/~ska/Net-ManageSieve-0.12/lib/Net/ManageSieve.pm;

or maybe http://search.cpan.org/~mdom/App-Siesh-0.21/bin/siesh "interactive 
sieve shell"

> On 2013. June 19., Wednesday at 18:40, Daniel Parthey wrote:
>
>> Please provide permission details of the affected directories and files and possibly error messages from dovecot logfile.
>>
>> Regards
>> Daniel
>>
>>
>>
>> Zoltan Lippai <zoli at lippai.net (mailto:zoli at lippai.net)> schrieb:
>>> Hi folks,
>>>
>>> I am using dovecot 2.1.7 with the ManageSieve plugin which works great. Recently I set up Afterlogic webmail on my server (the community version) and it has a nice UI to manage the sieve settings. It uses port 2000 to communicate with dovecot via the ManageSieve plugin. Also, dovecot uses Maildirs to store the messages.
>>>
>>> The problem is that the permissions on the files that store the sieve rules are to strict.
>>> I am talking about the "sieve" directory and the .dovecot.sieve file.
>>> The sieve folder has a chmod 700 and the .dovecot.sieve is chmod 600. Both are owned by vmail:mail
>>>
>>> If I delete these two items, then the rules can be saved via the web interface. Then these files are created but for some reason the ManageSieve plugin can't modify them.
>>>
>>> Here is the output of dovecot -n:
>>> http://pastebin.com/4eqyBKCA
>>>
>>> Can you help me out on this?
>>>
>>> Thanks a lot!
>>> Zoltan
>>>
>>>
>
>

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUcMEpl3r2wJMiz2NAQKOpgf+I5WOAWs8+ruXJYen/HhUQK4d6biY9psq
PjKmLdKXD/MBvOpXqKpB9E3dbWQXoYuZeU6nqLFOgJVGbgmbvq4Dpj4/CQod3dMy
wLFECXRDkW8rTVetaC2gLlJN/U/wVlV7nQ3CjtseZZQ+MTBAP+iYcyv0AKYNXafH
BWpUYG1eVPIsCV+GFXjKP0+MkCgHyYpnvySNAIYafV/3+9ETFrC3w7Oa7VsEXJtg
Pm+JEMtkgCxJDHSLamiirrLdL93IZwfeT+AHJ2eQSu0GskPStjjUv/RAu+F7suCM
1PQ7t790L7BY5SDe7LXWzGP+Gz6TC3ZU/FLxB6kcBCy9aCIWMuozXg==
=SLh7
-----END PGP SIGNATURE-----